FS#70822 - [libxml2] [security] CVE-2021-3537
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Wednesday, 12 May 2021, 15:52 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 15 May 2021, 09:26 GMT
Opened by T.J. Townsend (blakkheim) - Wednesday, 12 May 2021, 15:52 GMT
Last edited by Antonio Rojas (arojas) - Saturday, 15 May 2021, 09:26 GMT
|
Details
Description:
Attached diff adds an upstream patch for CVE-2021-3537 to the libxml2 package. Additional info: Switching to git master might be worth considering if they won't make a release with all these fixes... https://security.archlinux.org/CVE-2021-3537 
libxml.diff
(1.4 KiB)
|
This task depends upon
Closed by Antonio Rojas (arojas)
Saturday, 15 May 2021, 09:26 GMT
Reason for closing: Fixed
Additional comments about closing: libxml 2.9.12-1
Saturday, 15 May 2021, 09:26 GMT
Reason for closing: Fixed
Additional comments about closing: libxml 2.9.12-1
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 # CVE-2021-3516
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 # CVE-2021-3517
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7 # CVE-2021-3518
There was another null deference fix just two days ago:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bfd2f4300fb348a0fb8265a17546a0eb8bdec719
My suggestion is now to just use the master branch until a release is cut, which this v2 diff does.